It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Hacker attack solution?
page: 1share:
Ok, so I might get flamed, or even a few eye rolls on this one, but here goes:
I've noticed that perhaps this site has attracted the attention of a hacker or two (and I'm sure many more over the years this has been up).
Since this is an internet based forum, has tapping your member's skills been considered as a possible security measure?
I'm sure some ATS members have some skill at hacking, or know how its done. Has it been considered to have a pool of dedicated members attempting to break in, then alerting staff when they've found a weak point?
As long as you had trustworthy members you'd appoint for this, you might be able to figure out the weaknesses before the "Bad guys" do...
just a thought....
I've noticed that perhaps this site has attracted the attention of a hacker or two (and I'm sure many more over the years this has been up).
Since this is an internet based forum, has tapping your member's skills been considered as a possible security measure?
I'm sure some ATS members have some skill at hacking, or know how its done. Has it been considered to have a pool of dedicated members attempting to break in, then alerting staff when they've found a weak point?
As long as you had trustworthy members you'd appoint for this, you might be able to figure out the weaknesses before the "Bad guys" do...
just a thought....
Originally posted by nj2day
Has it been considered to have a pool of dedicated members attempting to break in, then alerting staff when they've found a weak point?
Yes!
This hacking philosophy is adhered to by the loosly termed "white hats" which, of course, is directly opposed to a malicious "black hat" individual or group.
Google is my best friend
reply to post by afaik
yup, there are white hats, black hats and grey hats...
Grey hats are somewhere in the middle lol
I was just wondering if ATS had ever considered recruiting some of their own... I'm sure we have hats of all colors here... might as well make good use of them :p
best part is, it would be free...
yup, there are white hats, black hats and grey hats...
Grey hats are somewhere in the middle lol
I was just wondering if ATS had ever considered recruiting some of their own... I'm sure we have hats of all colors here... might as well make good use of them :p
best part is, it would be free...
I was just wondering if ATS had ever considered recruiting some of their own... I'm sure we have hats of all colors here... might as well make good use of them :p
Couldn't tell you, I have no idea, sorry.
Hrmmmm.
I could run a few attacks on ATS.
But I do not want to get in trouble/banned/kicked/ call from isp provider or worse.
I would say any publicly owned web site is open to all sorts of stuff. and have many weak points. the best protection would be some one behind a desk constantly monitoring incoming packets to ATS. and I don't think some one has that kind of hand on there hands.
I could run a few attacks on ATS.
But I do not want to get in trouble/banned/kicked/ call from isp provider or worse.
I would say any publicly owned web site is open to all sorts of stuff. and have many weak points. the best protection would be some one behind a desk constantly monitoring incoming packets to ATS. and I don't think some one has that kind of hand on there hands.
reply to post by LetsPlayFeedTheGater
lol yah, I've had the same thoughts... especially since they frown upon Proxy-ized surfing :p
but it wouldn't take much time... especially if they found 10-15 ATS members willing to participate...
All they'd need is our IP addresses up front to identify us between any real bad ppl...
lol yah, I've had the same thoughts... especially since they frown upon Proxy-ized surfing :p
but it wouldn't take much time... especially if they found 10-15 ATS members willing to participate...
All they'd need is our IP addresses up front to identify us between any real bad ppl...
Well, i dono about you,
but usually when im doing that "kinda" stuff, im connected to 10,000+ proxies , witch usually masks my ip.
And im not going to post my ip out there for a bunch of people to see!
U have some ones ip, countless things could happen.
but usually when im doing that "kinda" stuff, im connected to 10,000+ proxies , witch usually masks my ip.
And im not going to post my ip out there for a bunch of people to see!
U have some ones ip, countless things could happen.
Before this discussion goes any further I would just like to remind the particpants of the
Terms & Conditions Of Use...
Edit to emphasize.
[edit on 3-11-2008 by Gemwolf]
2e.) Illegal Activity: Discussion of illegal activities; specifically mind-altering drugs, computer hacking, criminal hate, sexual relations with minors, and stock scams are strictly forbidden. You will also not link to sites that contains discussion of such material.
...
5a) Unauthorized Access: You will not attempt to access any protected sections of the message board, nor make use of any hacks, cracks, bug exploits, etc. to bypass or modify the features of the forum software or to obtain information beyond the allowed features of your account status. Doing so will result in immediate termination of your account.
Edit to emphasize.
[edit on 3-11-2008 by Gemwolf]
reply to post by Gemwolf
Gem,
Just so i'm not misunderstood, I was asking about if the powers at ATS had considered using their member talent to help secure their site
I'm not trying to support illegal hacking, but was asking if they had considered using legal hacking from our computer geek crowd that frequent the site.
There is a market out there for white hatters... some companies who are testing out new firewalls and such offer rewards for people who can break into their system. This helps them close up the security holes that were exploited to gain access...
Just wanted to make sure everyone, especially the Mods understood what I'm talking about.
Gem,
Just so i'm not misunderstood, I was asking about if the powers at ATS had considered using their member talent to help secure their site
I'm not trying to support illegal hacking, but was asking if they had considered using legal hacking from our computer geek crowd that frequent the site.
There is a market out there for white hatters... some companies who are testing out new firewalls and such offer rewards for people who can break into their system. This helps them close up the security holes that were exploited to gain access...
Just wanted to make sure everyone, especially the Mods understood what I'm talking about.
reply to post by LetsPlayFeedTheGater
you wouldn't need to post it for "all to see"...
only the three amigos, and their site admins would really need it. Its the only way that they could identify between good guys and bad guys.
I would think that if something like this were used on the site, pre-sharing your IP, and possibly more personal information would be needed to make sure you don't go "rogue"...
Its food for thought really, I was just wondering if it had been considered...
I know Hacking sounds scary, and Hackers tend to get bad publicity... but there is an official job title in the real world for (White hat) hackers: Security Systems Analyst.
you wouldn't need to post it for "all to see"...
only the three amigos, and their site admins would really need it. Its the only way that they could identify between good guys and bad guys.
I would think that if something like this were used on the site, pre-sharing your IP, and possibly more personal information would be needed to make sure you don't go "rogue"...
Its food for thought really, I was just wondering if it had been considered...
I know Hacking sounds scary, and Hackers tend to get bad publicity... but there is an official job title in the real world for (White hat) hackers: Security Systems Analyst.
another thought: Since most malicious attackers will use a proxy server to attack, so they aren't discovered... could ATS use the current lists of
proxies that are updated daily on the internet, and restrict the IPs right off the site?
Restricting the use of the anonymous proxy lists would limit where someone could attack from...
There's no way it could ever be all inclusive... but the most visible ones being blocked might be a start...
If there isn't a web tool or site admin tool in place for this already, i'm cringing at the amount of programing finesse it could take to pull it off lol
Restricting the use of the anonymous proxy lists would limit where someone could attack from...
There's no way it could ever be all inclusive... but the most visible ones being blocked might be a start...
If there isn't a web tool or site admin tool in place for this already, i'm cringing at the amount of programing finesse it could take to pull it off lol
reply to post by nj2day
I understand. I saw the conversation going to the "I've hacked so and so", and I just wanted to remind participants not to go down that avenue.
Edit: Clarity
[edit on 3-11-2008 by Gemwolf]
I understand. I saw the conversation going to the "I've hacked so and so", and I just wanted to remind participants not to go down that avenue.
Edit: Clarity
[edit on 3-11-2008 by Gemwolf]
reply to post by Gemwolf
Gotcha thanks for the reminder
although, if a hacker had anything worth bragging about, it would probably be best never to tell anyone what they did.
But, there are a lot of idiots in the world...
Gotcha thanks for the reminder
although, if a hacker had anything worth bragging about, it would probably be best never to tell anyone what they did.
But, there are a lot of idiots in the world...
I'm pretty sure the site administrators have messed around with it themselves. I have a friend who wanted to "hack proof" his computer so his
friends went after it and did what they could. Then they fixed the holes so to speak.
I'm sure your pretty safe here why would they waste their time on a site like this? I'm sure they want the same info we look for here.
I'm sure your pretty safe here why would they waste their time on a site like this? I'm sure they want the same info we look for here.
reply to post by Gemwolf
was saying I could run a few test's
But don't want to for fear of banned/ amoung other things..
Current list's of working proxies?
that wold be a waste of time as in there is no daily update to working proxies ( i think) and there and 100 of thousands if not more proxies. Heck any personal computer could produce a proxy for another person.
from my understanding, a proxy is just the IP of a server machine, like a computer network in some store. or a building that has there network connected to the net.
- Hope I didn't post out of T&C.
was saying I could run a few test's
But don't want to for fear of banned/ amoung other things..
Current list's of working proxies?
that wold be a waste of time as in there is no daily update to working proxies ( i think) and there and 100 of thousands if not more proxies. Heck any personal computer could produce a proxy for another person.
from my understanding, a proxy is just the IP of a server machine, like a computer network in some store. or a building that has there network connected to the net.
- Hope I didn't post out of T&C.
reply to post by LetsPlayFeedTheGater
per T&C, i'm not going to sight sources on this, but yah, there are lots of sites that only exist to search and publish a list of anonymous proxies everyday... some do it more than once a day...
the best ones you have to "know" how to get to, but they are a time saving tool for the amateurs who aren't that skilled...
there's no stopping a skilled hacker... hacking is like 20% knowledge, and 80% spare time... anyone with enough time can get whatever they want...
per T&C, i'm not going to sight sources on this, but yah, there are lots of sites that only exist to search and publish a list of anonymous proxies everyday... some do it more than once a day...
the best ones you have to "know" how to get to, but they are a time saving tool for the amateurs who aren't that skilled...
there's no stopping a skilled hacker... hacking is like 20% knowledge, and 80% spare time... anyone with enough time can get whatever they want...
Most of this is dangerous anymore. A company was convicted of intrusion because they did a dns dig on a zone to find internal IP addresses. IE: They
asked a server to do it's job and tell them IP addresses.. sad.
I suspect that most of the basics are defended (aside from mim attacks which wouldnt be an ATS thing). The rest of the testing could bring down the sight (from sql injects to port jamming or basic underruns etc.).
BTW: A proxy is a server that does the work and hands to you. "10,000 proxies" smells more like a botnet...
(edit, forgot to include my point )
Because the 'testing' could bring the site down, do everyone a favor and think twice, then go watch TV instead of looking up scripts to 'help' the staff find vulnerabilities.
[edit on 3-11-2008 by lordtyp0]
I suspect that most of the basics are defended (aside from mim attacks which wouldnt be an ATS thing). The rest of the testing could bring down the sight (from sql injects to port jamming or basic underruns etc.).
BTW: A proxy is a server that does the work and hands to you. "10,000 proxies" smells more like a botnet...
(edit, forgot to include my point )
Because the 'testing' could bring the site down, do everyone a favor and think twice, then go watch TV instead of looking up scripts to 'help' the staff find vulnerabilities.
[edit on 3-11-2008 by lordtyp0]
reply to post by lordtyp0
well, it could bring down the site if you inject malicious code...
If someone where to find a weakness such as a place on the site vulerable to SQL injections, or Java injections or the like, the person discovering this would not have to inject any sort of code...
The idea that you found a spot that is vulnerable to these attacks is sufficient, and that is when you'd let the three amigos know....
Think of the last attack that SO posted: Injections into the advanced search function...
If a member had found this was possible first, they could have let the amigos know of the weakness... and they could have patched up the hole before it was taken advantage of....
bringing down the entire website, or a denial of service attack, actually would take a lot of work... I could not imagine anyone "accidentally" bringing down ATS...
well, it could bring down the site if you inject malicious code...
If someone where to find a weakness such as a place on the site vulerable to SQL injections, or Java injections or the like, the person discovering this would not have to inject any sort of code...
The idea that you found a spot that is vulnerable to these attacks is sufficient, and that is when you'd let the three amigos know....
Think of the last attack that SO posted: Injections into the advanced search function...
If a member had found this was possible first, they could have let the amigos know of the weakness... and they could have patched up the hole before it was taken advantage of....
bringing down the entire website, or a denial of service attack, actually would take a lot of work... I could not imagine anyone "accidentally" bringing down ATS...
Originally posted by nj2day
reply to post by afaik
yup, there are white hats, black hats and grey hats...
Grey hats are somewhere in the middle lol
I was just wondering if ATS had ever considered recruiting some of their own... I'm sure we have hats of all colors here... might as well make good use of them :p
best part is, it would be free...
So do the gray hats cover the tin foil department? Sorry if this is off topic, but why is it you cannot give this thread a star? Ive seen this happen a couple other times as well.
Originally posted by Darthorious
I'm pretty sure the site administrators have messed around with it themselves. I have a friend who wanted to "hack proof" his computer so his friends went after it and did what they could. Then they fixed the holes so to speak.
I'm sure your pretty safe here why would they waste their time on a site like this? I'm sure they want the same info we look for here.
yeah this method is known as a penetration test and all the server service companies do it, including Anitian enterprise security
new topics
-
Russia Flooding
Other Current Events: 30 minutes ago -
MULTIPLE SKYMASTER MESSAGES GOING OUT
World War Three: 59 minutes ago -
Two Serious Crimes Committed by President JOE BIDEN that are Easy to Impeach Him For.
US Political Madness: 1 hours ago -
911 emergency lines are DOWN across multiple states
Breaking Alternative News: 1 hours ago -
Former NYT Reporter Attacks Scientists For Misleading Him Over COVID Lab-Leak Theory
Education and Media: 4 hours ago -
Why did Phizer team with nanobot maker
Medical Issues & Conspiracies: 4 hours ago -
Pro Hamas protesters at Columbia claim hit with chemical spray
World War Three: 4 hours ago -
Elites disapearing
Political Conspiracies: 6 hours ago -
A Personal Cigar UFO/UAP Video footage I have held onto and will release it here and now.
Aliens and UFOs: 6 hours ago -
Go Woke, Go Broke--Forbes Confirms Disney Has Lost Money On Star Wars
Movies: 8 hours ago
top topics
-
British TV Presenter Refuses To Use Guest's Preferred Pronouns
Education and Media: 14 hours ago, 17 flags -
Go Woke, Go Broke--Forbes Confirms Disney Has Lost Money On Star Wars
Movies: 8 hours ago, 12 flags -
Pro Hamas protesters at Columbia claim hit with chemical spray
World War Three: 4 hours ago, 11 flags -
Trump To Hold Dinner with President of Poland At Trump Tower Tonight
2024 Elections: 17 hours ago, 8 flags -
Elites disapearing
Political Conspiracies: 6 hours ago, 7 flags -
Freddie Mercury
Paranormal Studies: 9 hours ago, 7 flags -
Tucker Carlson interviews Christian pastor from Bethlehem.
Middle East Issues: 16 hours ago, 7 flags -
A Personal Cigar UFO/UAP Video footage I have held onto and will release it here and now.
Aliens and UFOs: 6 hours ago, 5 flags -
Nirvana - Immigrant Song
Music: 13 hours ago, 5 flags -
Two Serious Crimes Committed by President JOE BIDEN that are Easy to Impeach Him For.
US Political Madness: 1 hours ago, 3 flags
active topics
-
Pro Hamas protesters at Columbia claim hit with chemical spray
World War Three • 11 • : FlyersFan -
Nirvana - Immigrant Song
Music • 7 • : Astrocometus -
MULTIPLE SKYMASTER MESSAGES GOING OUT
World War Three • 6 • : JimmyNeutr0n -
Tucker Carlson interviews Christian pastor from Bethlehem.
Middle East Issues • 17 • : FlyersFan -
Two Serious Crimes Committed by President JOE BIDEN that are Easy to Impeach Him For.
US Political Madness • 6 • : charlest2 -
Russia Flooding
Other Current Events • 0 • : Kenzo -
-@TH3WH17ERABB17- -Q- ---TIME TO SHOW THE WORLD--- -Part- --44--
Dissecting Disinformation • 516 • : cherokeetroy -
AARO/Dr Kirkpatrick-Caught Lying in UAP report.
Aliens and UFOs • 24 • : Ophiuchus1 -
Go Woke, Go Broke--Forbes Confirms Disney Has Lost Money On Star Wars
Movies • 15 • : 5thHead -
911 emergency lines are DOWN across multiple states
Breaking Alternative News • 0 • : TheGoondockSaint